Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-7098

Summary
Assigner-hpe
Assigner Org ID-eb103674-0d28-4225-80f8-39fb86215de0
Published At-14 Aug, 2018 | 14:00
Updated At-05 Aug, 2024 | 06:17
Rejected At-
Credits

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hpe
Assigner Org ID:eb103674-0d28-4225-80f8-39fb86215de0
Published At:14 Aug, 2018 | 14:00
Updated At:05 Aug, 2024 | 06:17
Rejected At:
▼CVE Numbering Authority (CNA)

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal.

Affected Products
Vendor
Hewlett Packard Enterprise (HPE)Hewlett Packard Enterprise
Product
HPE 3PAR Service Processors
Versions
Affected
  • Prior to SP-4.4.0.GA-110(MU7)
Problem Types
TypeCWE IDDescription
textN/Alocal directory traversal
Type: text
CWE ID: N/A
Description: local directory traversal
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us
x_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us
x_refsource_CONFIRM
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us
Resource:
x_refsource_CONFIRM
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us
x_refsource_CONFIRM
x_transferred
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us
x_refsource_CONFIRM
x_transferred
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-alert@hpe.com
Published At:14 Aug, 2018 | 14:29
Updated At:10 Oct, 2018 | 18:12

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.4HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Primary2.03.6LOW
AV:L/AC:L/Au:N/C:P/I:P/A:N
Type: Primary
Version: 3.0
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Type: Primary
Version: 2.0
Base score: 3.6
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:N
CPE Matches
HP Inc.
hp
>>3par_service_provider>>sp-4.2.0
cpe:2.3:o:hp:3par_service_provider:sp-4.2.0:ga:*:*:*:*:*:*
HP Inc.
hp
>>3par_service_provider>>sp-4.3.0
cpe:2.3:o:hp:3par_service_provider:sp-4.3.0:ga-17:*:*:*:*:*:*
HP Inc.
hp
>>3par_service_provider>>sp-4.3.0
cpe:2.3:o:hp:3par_service_provider:sp-4.3.0:ga-24:*:*:*:*:*:*
HP Inc.
hp
>>3par_service_provider>>sp-4.4.0
cpe:2.3:o:hp:3par_service_provider:sp-4.4.0:ga-22:*:*:*:*:*:*
HP Inc.
hp
>>3par_service_provider>>sp-4.4.0
cpe:2.3:o:hp:3par_service_provider:sp-4.4.0:ga-30:*:*:*:*:*:*
HP Inc.
hp
>>3par_service_provider>>sp-4.4.0
cpe:2.3:o:hp:3par_service_provider:sp-4.4.0:ga-53:*:*:*:*:*:*
HP Inc.
hp
>>3par_service_provider>>sp-4.4.0
cpe:2.3:o:hp:3par_service_provider:sp-4.4.0:ga-58:*:*:*:*:*:*
HP Inc.
hp
>>3par_service_provider>>sp-4.4.0
cpe:2.3:o:hp:3par_service_provider:sp-4.4.0:ga-86:*:*:*:*:*:*
HP Inc.
hp
>>3par_service_provider>>sp-4.4.0
cpe:2.3:o:hp:3par_service_provider:sp-4.4.0:ga-88:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_ussecurity-alert@hpe.com
Vendor Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_ussecurity-alert@hpe.com
Vendor Advisory
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us
Source: security-alert@hpe.com
Resource:
Vendor Advisory
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us
Source: security-alert@hpe.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

52Records found
CVE-2019-4236
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 11.75%
||
7 Day CHG~0.00%
Published-22 Jul, 2019 | 13:35
Updated-16 Sep, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to restore or retrieve the object with incorrect ACL entries. IBM X-Force ID: 159418.

Action-Not Available
Vendor-HP Inc.IBM Corporation
Product-spectrum_protecthp-uxSpectrum Protect
CWE ID-CWE-19
Not Available
CVE-2019-18618
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.37% / 58.21%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 13:21
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table.

Action-Not Available
Vendor-synapticsn/aHP Inc.Lenovo Group Limited
Product-elitebook_840_g5zbook_studio_g5_firmwarethinkpad_e490elitebook_1050_g1_firmwareelitebook_755_g5_firmwarethinkpad_t570\(20jx\)_firmwareprobook_445r_g6_firmwarethinkpad_p53thinkpad_p72_firmwarezhan_66_pro_14_g2elitebook_x360_830_g5_firmwareelitebook_x360_830_g5thinkpad_p52elite_x2_1013_g3thinkpad_p70thinkpad_x1_carbon_\(20hx\)thinkpad_t570_\(20hx\)_firmwarezhan_66_pro_13_g2thankpad_a485_firmwarethinkpad_t460pthinkpad_p1probook_445_g6thinkpad_x1_tablet_firmwarethinkpad_x280zbook_14u_g6_firmwarethinkpad_x390probook_445r_g6zbook_15_g6zbook_17_g6elitebook_745_g5_firmwareelitebook_850_g6_firmwarepavilion_x360eliteone_1000_g1elitebook_846_g6thinkpad_s3_firmwareelitebook_836_g6zbook_17_g6_firmwarethinkpad_t470s_\(20hx\)thinkpad_t490_firmwarethinkpad_r590_firmwarethinkpad_t580elitebook_850_g5_firmwarethinkpad_x1_yogaelitebook_x360_1020_g2thinkpad_e485_firmwarethinkpad_p51s_\(20kx\)elitebook_846_g5probook_455r_g6_firmwarethinkpad_e585zbook_17_g5_firmwareelitebook_830_g5thinkpad_x380_yoga_firmwarethinkpad_e490sthinkpad_t470_\(20jx\)elitebook_x360_1040_g6elitebook_846_g5_healthcare_edition_firmwareelitebook_840_g6_firmwarethinkpad_p51s_\(20jx\)zhan_66_pro_15_g2thinkpad_x1_carbon_\(20kx\)_firmwarethinkpad_x1_yoga_4th_genthinkpad_p52_firmwareelitebook_735_g6_firmwareelitebook_840_g5_firmwarethinkpad_t470s_\(20hx\)_firmwarethinkpad_t470_\(20hx\)_firmwarethinkpad_t580_firmwarethinkpad_a275thinkpad_e485thinkpad_yoga_s1_firmwareprobook_640_g5elitebook_745_g5thinkpad_t460sthinkpad_x390_yogaelitebook_830_g6elitebook_745_g6_firmwareprobook_430_g6_firmwareprobook_650_g5_firmwarethinkpad_x1_yoga_3rd_gen_firmwarethinkpad_x1_extreme_firmwareelite_x2_1012_g2_firmwarethinkpad_p51s_\(20hx\)_firmwarespectre_x360thinkpad_25_firmwareprobook_450_g6_firmwarethinkpad_e580elitebook_836_g6_firmwarethinkpad_x1_tablet_\(20jx\)elitebook_836_g5_firmwarezbook_17_g5elitebook_x360_1040_g5thinkpad_e480_firmwareelitebook_x360_1030_g2elitebook_x360_1030_g4pro_x2_612_g2thinkpad_t460s_firmwarethinkpad_x270_firmwarethankpad_a475thinkpad_t25_\(20k7\)zbook_15_g5_firmwareelitebook_840_g5_healthcare_edition_firmwareeliteone_1000_g2_firmwarevfs75xx_firmwarethinkpad_t480s_firmwareelitebook_840_g6_healthcare_edition_firmwarethinkpad_t470_\(20jx\)_firmwareelitebook_840_g6probook_455_g6envy_x360elitebook_x360_830_g6mt44thinkpad_yoga_s1pro_x2_612_g2_firmwareprobook_445_g6_firmwareelitebook_846_g6_healthcare_edition_firmwarethinkpad_t470s_\(20jx\)thinkpad_p53s_firmwarethinkpad_x1_extreme_2ndthinkpad_p52sthinkpad_x1_carbon_\(20hx\)_firmwarethinkpad_t480_firmwarethinkpad_t470_\(20hx\)thinkpad_p50_firmwarethinkpad_x1_carbon_firmwareelite_x2_1012_g2elitebook_846_g5_healthcare_editionthinkpad_25thinkpad_e580_firmwarezbook_14u_g5_firmwaremt45_firmwarethinkpad_e590_firmwarezbook_15u_g6zbook_studio_x360_g5zbook_studio_x360_g5_firmwarethinkpad_t490thinkpad_t470s_\(20jx\)_firmwarethinkpad_x280_firmwarethinkpad_p73_firmwarethinkpad_t590thinkpad_x1_tabletelitebook_1040_g4thinkpad_l480elitebook_735_g5elitebook_735_g5_firmwarethinkpad_x390_firmwareelitebook_846_g5_firmwarethinkpad_r490_firmwarezbook_15u_g5thinkpad_x270eliteone_1000_g2elitebook_840_g5_healthcare_editionthinkpad_l580_firmwareelite_x2_1013_g3_firmwarespectre_x360_firmwarezbook_14u_g6elitebook_850_g6elitebook_755_g5zbook_15u_g6_firmwaremt44_firmwarethinkpad_yoga_370elitebook_735_g6probook_640_g5_firmwareprobook_440_g6probook_450_g6thinkpad_p71_\(20hx\)_firmwarethinkpad_x390_yoga_firmwarethinkpad_x1_yoga_firmwarethinkpad_t590_firmwarezhan_x_13_g2thinkpad_t570\(20jx\)probook_650_g5zbook_studio_g5thinkpad_x1_extremepavilion_x360_firmwarethinkpad_x1_carbonthinkpad_p1_gen_2_firmwarethinkpad_t460p_firmwarezhan_66_pro_14_g2_firmwareeliteone_1000_g1_firmwarethinkpad_p52s_firmwarethinkpad_r490elite_x2_g4thinkpad_a275_firmwareelitebook_745_g6zbook_15_g5thinkpad_x1_carbon_\(20kx\)probook_430_g6thinkpad_e590thinkpad_x1_yoga_3rd_genelitebook_x360_1030_g3thinkpad_p1_firmwareelitebook_846_g6_firmwarezhan_x_13_g2_firmwareenvy_x360_firmwarethinkpad_t570_\(20hx\)probook_455r_g6thinkpad_x380_yogathinkpad_l480_firmwareelitebook_836_g5thinkpad_p53sthinkpad_t480sthankpad_a485thinkpad_p71_\(20hx\)thinkpad_x1_extreme_2nd_firmwarethinkpad_p51_firmwarevfs75xxprobook_455_g6_firmwarethinkpad_t25_\(20k7\)_firmwareelitebook_x360_1030_g2_firmwareelite_sliceprobook_440_g6_firmwareelitebook_x360_830_g6_firmwareelitebook_830_g6_firmwareelitebook_x360_1040_g5_firmwarethinkpad_p43sthinkpad_x1_yoga_4th_gen_firmwarethinkpad_p51s_\(20kx\)_firmwareelite_x2_g4_firmwarethankpad_a475_firmwarethinkpad_t490s_firmwarezhan_66_pro_13_g2_firmwarethinkpad_l580thinkpad_p50thinkpad_r590elitebook_x360_1030_g3_firmwarethinkpad_e490s_firmwareelitebook_840_g6_healthcare_editionelitebook_1040_g4_firmwarethinkpad_x1_yoga_\(20jx\)thinkpad_p1_gen_2zhan_66_pro_15_g2_firmwarethinkpad_t470p_firmwarethinkpad_e490_firmwarethinkpad_p70_firmwarezbook_14u_g5thinkpad_s1_3rd_firmwarethinkpad_x1_tablet_\(20jx\)_firmwarethinkpad_p53_firmwareelitebook_846_g6_healthcare_editionelitebook_1050_g1elite_slice_firmwarethinkpad_s1_3rdelitebook_850_g5thinkpad_e480thinkpad_p51thinkpad_yoga_260thinkpad_s3thinkpad_e585_firmwarethinkpad_t490sthinkpad_p73elitebook_x360_1040_g6_firmwaremt45elitebook_x360_1030_g4_firmwarezbook_15u_g5_firmwarethinkpad_p72thinkpad_t470pthinkpad_x1_yoga_\(20jx\)_firmwarethinkpad_yoga_260_firmwareelitebook_x360_1020_g2_firmwareelitebook_830_g5_firmwarezbook_15_g6_firmwarethinkpad_yoga_370_firmwarethinkpad_p51s_\(20jx\)_firmwarethinkpad_t480thinkpad_p51s_\(20hx\)thinkpad_p43s_firmwaren/a
CVE-2002-2270
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.6||LOW
EPSS-0.16% / 37.79%
||
7 Day CHG~0.00%
Published-18 Oct, 2007 | 10:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and 11.0 allows local users to view "normally invisible data" via unknown attack vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2000-1127
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.6||LOW
EPSS-0.53% / 66.22%
||
7 Day CHG~0.00%
Published-19 Dec, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2016-1996
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.7||HIGH
EPSS-0.13% / 33.16%
||
7 Day CHG~0.00%
Published-18 Mar, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-system_management_homepagen/a
CVE-2010-1967
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-3.6||LOW
EPSS-0.18% / 40.20%
||
7 Day CHG~0.00%
Published-14 Jul, 2010 | 18:31
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.Microsoft Corporation
Product-windowsinsight_software_installern/a
CVE-2017-17556
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.13% / 33.28%
||
7 Day CHG~0.00%
Published-15 Dec, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys.

Action-Not Available
Vendor-n/aHP Inc.
Product-synaptics_touchpad_drivern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8974
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.4||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 23:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Local Authentication Restriction Bypass vulnerability in HPE NonStop Server version L-Series: T6533L01 through T6533L01^ADN; J-Series and H-series: T6533H02 through T6533H04^ADF and T6533H05 through T6533H05^ADL was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-nonstop_server_softwarenonstop_serverNonStop Server
CVE-2007-3487
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-11.15% / 93.20%
||
7 Day CHG~0.00%
Published-29 Jun, 2007 | 18:00
Updated-07 Aug, 2024 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method.

Action-Not Available
Vendor-n/aHP Inc.
Product-photo_digital_imaging_activex_controln/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-11994
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-4.31% / 88.42%
||
7 Day CHG~0.00%
Published-03 Jan, 2020 | 17:23
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. An API is used to execute a command manifest file during upgrade does not correctly prevent directory traversal and so can be used to execute manifest files in arbitrary locations on the node. The API does not require user authentication and is accessible over the management network, resulting in the potential for unauthenticated remote execution of manifest files. For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=mmr_sf-EN_US000061901&withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience.

Action-Not Available
Vendor-n/aHP Inc.
Product-simplivity_2600_gen10_firmwaresimplivity_omnicube_firmwaresimplivity_omnistack_for_ciscosimplivity_omnistack_for_dellsimplivity_380_gen9_firmwaresimplivity_omnistack_for_lenovo_firmwaresimplivity_380_gen10_gsimplivity_380_gen10_g_firmwaresimplivity_omnistack_for_lenovosimplivity_380_gen9simplivity_380_gen10simplivity_omnistack_for_cisco_firmwaresimplivity_380_gen10_firmwaresimplivity_omnistack_for_dell_firmwaresimplivity_2600_gen10simplivity_omnicubeHPE SimpliVity 2600 Gen10; HPE SimpliVity 380 Gen10; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 380 Gen9; SimpliVity OmniCube; SimpliVity OmniStack for Cisco; SimpliVity OmniStack for Dell; SimpliVity OmniStack for Lenovo
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-5160
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-21.78% / 95.53%
||
7 Day CHG~0.00%
Published-01 Aug, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.

Action-Not Available
Vendor-n/aHP Inc.
Product-data_protectorn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-37906
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 41.55%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 19:18
Updated-02 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability results in the ability to delete arbitrary files on the underlying operating system.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-arubaossd-wanAruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-2626
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-9.4||HIGH
EPSS-47.01% / 97.59%
||
7 Day CHG~0.00%
Published-26 Jul, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.

Action-Not Available
Vendor-n/aHP Inc.
Product-network_virtualizationn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-37934
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.8||MEDIUM
EPSS-0.56% / 67.23%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 18:33
Updated-10 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)HP Inc.
Product-officeconnect_1850_6xgtofficeconnect_1820_48g_poe\+_\(370w\)_switch_j9984a_firmwareofficeconnect_1820_8g_poe\+_\(65w\)_switch_j9982aofficeconnect_1850_24g_2xgt_poe\+officeconnect_1850_24g_2xgtofficeconnect_1850_2xgt\/spf\+officeconnect_1850_2xgt\/spf\+_firmwareofficeconnect_1820_24g_poe\+_\(185w\)_switch_j9983a_firmwareofficeconnect_1850_48g_4xgt_poe\+officeconnect_1850_24g_2xgt_firmwareofficeconnect_1850_48g_4xgt_poe\+_firmwareofficeconnect_1850_48g_4xgtofficeconnect_1850_6xgt_firmwareofficeconnect_1820_48g_poe\+_\(370w\)_switch_j9984aofficeconnect_1820_8g_switch_j9979a_firmwareofficeconnect_1820_8g_poe\+_\(65w\)_switch_j9982a_firmwareofficeconnect_1820_24g_poe\+_\(185w\)_switch_j9983aofficeconnect_1850_24g_2xgt_poe\+_firmwareofficeconnect_1820_8g_switch_j9979aofficeconnect_1850_48g_4xgt_firmwareHPE OfficeConnect 1820 and 1850 Switch Series
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-2610
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-7.1||HIGH
EPSS-1.86% / 82.30%
||
7 Day CHG~0.00%
Published-19 Jun, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by uploading an executable file, aka ZDI-CAN-2117.

Action-Not Available
Vendor-n/aHP Inc.
Product-executive_scorecardn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-2625
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-8.5||HIGH
EPSS-11.42% / 93.31%
||
7 Day CHG~0.00%
Published-26 Jul, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.

Action-Not Available
Vendor-n/aHP Inc.
Product-network_virtualizationn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-2611
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-9||HIGH
EPSS-2.58% / 84.98%
||
7 Day CHG~0.00%
Published-19 Jun, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or delete data, via unspecified vectors, aka ZDI-CAN-2120.

Action-Not Available
Vendor-n/aHP Inc.
Product-executive_scorecardn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-29212
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-15.48% / 94.39%
||
7 Day CHG~0.00%
Published-01 Nov, 2021 | 13:18
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to confidentiality, integrity, and availability of the iLO Amplifier Pack appliance.

Action-Not Available
Vendor-n/aHP Inc.
Product-ilo_amplifier_packiLO Amplifier Pack
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-25140
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-5.60% / 89.94%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 16:08
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500 chassis. This vulnerability could be remotely exploited by an unauthenticated user to cause a directory traversal in user supplied input to the `khuploadfile.cgi` CGI ELF. The directory traversal could lead to Remote Code Execution, Denial of Service, and/or compromise system integrity. **Note:** HPE recommends that customers discontinue the use of the HPE Moonshot Provisioning Manager. The HPE Moonshot Provisioning Manager application is discontinued, no longer supported, is not available to download from the HPE Support Center, and no patch is available.

Action-Not Available
Vendor-n/aHP Inc.
Product-moonshot_provisioning_managerHPE Moonshot Provisioning Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-20354
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.29% / 51.75%
||
7 Day CHG~0.00%
Published-18 Feb, 2021 | 15:10
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-7092
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-20.92% / 95.41%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerHPE Intelligent Management Center Platform (IMC Plat)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-7102
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-1.43% / 79.87%
||
7 Day CHG~0.00%
Published-27 Sep, 2018 | 18:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability in HPE Intelligent Management Center (iMC) PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file modification.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerHPE Intelligent Management Center (iMC) PLAT
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-6500
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.5||HIGH
EPSS-1.50% / 80.34%
||
7 Day CHG~0.00%
Published-20 Sep, 2018 | 16:00
Updated-16 Sep, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability

A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal.

Action-Not Available
Vendor-Micro Focus International LimitedHP Inc.
Product-arcsight_management_centerArcSight Management Center
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-0697
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.39% / 86.91%
||
7 Day CHG~0.00%
Published-13 Jan, 2012 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than CVE-2011-4788.

Action-Not Available
Vendor-n/aHP Inc.
Product-storageworks_p2000_g3_msan/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2011-4788
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.92% / 75.06%
||
7 Day CHG~0.00%
Published-13 Jan, 2012 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI.

Action-Not Available
Vendor-n/aHP Inc.
Product-storageworks_p2000_g3_msa_fibre_channel_dual_controller_sff_array_systemstorageworks_p2000_g3_msa_fibre_channel_dual_controller_lff_array_systemstorageworks_p2000_g3_msa_fc\/iscsi_dual_combo_controller_lff_array_systemn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2011-4166
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-71.27% / 98.65%
||
7 Day CHG~0.00%
Published-27 Dec, 2011 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.

Action-Not Available
Vendor-n/aHP Inc.
Product-managed_printing_administrationn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2011-4168
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-2.94% / 85.90%
||
7 Day CHG~0.00%
Published-27 Dec, 2011 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.

Action-Not Available
Vendor-n/aHP Inc.
Product-managed_printing_administrationn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-6331
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-6.21% / 90.49%
||
7 Day CHG~0.00%
Published-13 Dec, 2007 | 19:00
Updated-07 Aug, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method. NOTE: only a user-assisted attack is possible on Windows Vista.

Action-Not Available
Vendor-n/aHP Inc.
Product-info_centerquick_launch_buttonn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2011-1736
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-8.5||HIGH
EPSS-29.38% / 96.42%
||
7 Day CHG~0.00%
Published-07 May, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_storage_data_protectorn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-4107
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-29.97% / 96.48%
||
7 Day CHG~0.00%
Published-17 Nov, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.

Action-Not Available
Vendor-n/aHP Inc.
Product-color_laserjet_mfplaserjet_4300laserjet_5100laserjet_mfplaserjet_41009000laserjet_8150laserjet_4200n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-37098
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.55%
||
7 Day CHG-0.00%
Published-01 Jul, 2025 | 14:39
Updated-10 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-insight_remote_supportInsight Remote Support
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-5356
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-19.72% / 95.21%
||
7 Day CHG~0.00%
Published-05 Jun, 2019 | 14:39
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (IMC) PLAT
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2009-3693
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-67.42% / 98.50%
||
7 Day CHG~0.00%
Published-13 Oct, 2009 | 10:00
Updated-16 Sep, 2024 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.

Action-Not Available
Vendor-persitsn/aHP Inc.
Product-loadrunnerxuploadn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2009-4000
Matching Score-6
Assigner-Flexera Software LLC
ShareView Details
Matching Score-6
Assigner-Flexera Software LLC
CVSS Score-10||HIGH
EPSS-31.57% / 96.62%
||
7 Day CHG~0.00%
Published-20 Jan, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.

Action-Not Available
Vendor-n/aHP Inc.
Product-power_managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-18593
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
CVSS Score-6.5||MEDIUM
EPSS-1.53% / 80.53%
||
7 Day CHG~0.00%
Published-31 Dec, 2018 | 15:00
Updated-16 Sep, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MFSBGN03838 rev.1 - UCMDB Configuration Management Service, Multiple Vulnerabilities

Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information

Action-Not Available
Vendor-Micro Focus International LimitedHP Inc.
Product-ucmdb_configuration_managerUCMDB Configuration Management Service
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-4419
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.66% / 70.16%
||
7 Day CHG~0.00%
Published-05 Feb, 2009 | 00:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI.

Action-Not Available
Vendor-n/aHP Inc.
Product-9200c_digital_sendercolor_laserjet_9500mfplaserjet_4345mfplaserjet_9050laserjet_4350laserjet_2420color_laserjet_4370mfplaserjet_9040mfplaserjet_9040laserjet_2430laserjet_2410laserjet_9050mfplaserjet_4250n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-8961
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.8||HIGH
EPSS-71.49% / 98.66%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A directory traversal vulnerability in HPE Intelligent Management Center (IMC) PLAT 7.3 E0504P02 could allow remote code execution.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-8947
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-66.25% / 98.46%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-ucmdb_configuration_managerUCMDB
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-3482
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
CVSS Score-6.5||MEDIUM
EPSS-1.56% / 80.73%
||
7 Day CHG~0.00%
Published-25 Mar, 2019 | 16:05
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7.

Action-Not Available
Vendor-n/aHP Inc.
Product-arcsight_loggerArcSight Logger
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-13982
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
CVSS Score-8.8||HIGH
EPSS-3.32% / 86.75%
||
7 Day CHG~0.00%
Published-29 Sep, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files.

Action-Not Available
Vendor-n/aHP Inc.
Product-bsm_platform_application_performance_management_system_healthn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2017-12559
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.5||MEDIUM
EPSS-0.82% / 73.36%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-12560
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.5||MEDIUM
EPSS-0.82% / 73.36%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0068
Matching Score-6
Assigner-Flexera Software LLC
ShareView Details
Matching Score-6
Assigner-Flexera Software LLC
CVSS Score-5||MEDIUM
EPSS-58.68% / 98.13%
||
7 Day CHG~0.00%
Published-16 Apr, 2008 | 18:00
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-6221
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-84.14% / 99.26%
||
7 Day CHG~0.00%
Published-18 Jun, 2014 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.

Action-Not Available
Vendor-n/aHP Inc.
Product-service_virtualizationn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-13985
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 62.63%
||
7 Day CHG~0.00%
Published-29 Sep, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information.

Action-Not Available
Vendor-n/aHP Inc.
Product-bsm_platform_application_performance_management_system_healthn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-39143
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.09% / 26.01%
||
7 Day CHG~0.00%
Published-04 Jan, 2022 | 17:25
Updated-22 Apr, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path Traversal in spinnaker

Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don't override system files. This would allow an attacker to override files on the container, POTENTIALLY introducing a MITM type attack vector by replacing libraries or injecting wrapper files. Users are advised to update as soon as possible. For users unable to update disable Google AppEngine deployments and/or disable artifacts that provide TARs.

Action-Not Available
Vendor-spinnakerThe Linux Foundation
Product-spinnakerspinnaker
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-33183
Matching Score-4
Assigner-Synology Inc.
ShareView Details
Matching Score-4
Assigner-Synology Inc.
CVSS Score-7.9||HIGH
EPSS-0.05% / 15.80%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 09:50
Updated-17 Sep, 2024 | 03:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-dockerSynology Docker
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-15858
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.28% / 50.89%
||
7 Day CHG~0.00%
Published-21 Aug, 2020 | 00:00
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for customer Java applications, TLS and OTAP (Java over-the-air-provisioning) functionality. The affected products and releases are: BGS5 up to and including SW RN 02.000 / ARN 01.001.06 EHSx and PDSx up to and including SW RN 04.003 / ARN 01.000.04 ELS61 up to and including SW RN 02.002 / ARN 01.000.04 ELS81 up to and including SW RN 05.002 / ARN 01.000.04 PLS62 up to and including SW RN 02.000 / ARN 01.000.04

Action-Not Available
Vendor-thalesgroupn/a
Product-els61pds5els61_firmwarebgs5pds5_firmwareels81_firmwarebgs5_firmwareehs8_firmwarepds6ehs6_firmwarepds6_firmwareels81pls62ehs5_firmwareehs5ehs8pls62_firmwareehs6n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0822
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.6||LOW
EPSS-1.18% / 77.84%
||
7 Day CHG~0.00%
Published-19 Feb, 2008 | 20:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in index.php in Scribe 0.2 allows remote attackers to read arbitrary local files via a .. (dot dot) in the page parameter.

Action-Not Available
Vendor-scriben/a
Product-scriben/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-1371
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.6||LOW
EPSS-1.42% / 79.76%
||
7 Day CHG~0.00%
Published-18 Mar, 2008 | 17:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-drake_teamn/a
Product-drake_cmsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • Next
Details not found